[CVE-2009-4067] auerswald: validate the length of USB strings
Andy Whitcroft
apw at canonical.com
Thu Oct 6 17:16:09 UTC 2011
CVE-2009-4067

A buffer overflow flaw was found in the Linux kernel's Auerswald
PBX/System Telephone USB driver implementation. There's no upstream
patch as the affected driver was removed from the kernel in 2.6.27.

This driver was removed in v2.6.27 and so nothing after hardy is
affected. There is no upstream fix; following this email is a new fix
to prevent this overflow.

Please review carefully.

Proposing for hardy.

-apw